#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html


use strict;
use warnings;

use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;

# Recipe that feeds DER fixtures from test/d2i-tests to the d2i_test helper.
# Most fixtures are deliberately malformed; two of them are regression
# inputs for published CVEs (CVE-2016-2108 and CVE-2016-7053).
setup("test_d2i");

# 13 table-driven cases plus the single CMS case inside the SKIP block.
plan tests => 14;

# Each row is [ ASN.1 item type, expected outcome, fixture file, test name ].
#
# The expected-outcome keyword is passed straight through to d2i_test.  In
# this file "OK" accompanies inputs described as valid and "decode"
# accompanies inputs described as rejected by the decoder.
# NOTE(review): "BIO" is used once (bad_bio.der) and is not explained here;
# confirm its exact meaning against d2i_test itself.
my @d2i_cases = (
    [ "X509",         "decode", 'bad_cert.der',
      "Running d2i_test bad_cert.der" ],
    [ "GENERAL_NAME", "decode", 'bad_generalname.der',
      "Running d2i_test bad_generalname.der" ],
    [ "ASN1_ANY",     "BIO",    'bad_bio.der',
      "Running d2i_test bad_bio.der" ],

    # Regression check for CVE-2016-2108.  The data consists of a tag 258
    # and two zero content octets, parsed as an ASN1_ANY type.  If the type
    # is incorrectly interpreted as an ASN.1 INTEGER, the two zero content
    # octets will be rejected as invalid padding and this test will fail.
    # If the type is correctly interpreted, it will be treated as an
    # ASN1_STRING type and the content octets copied verbatim.
    [ "ASN1_ANY",     "OK",     'high_tag.der',
      "Running d2i_test high_tag.der" ],

    # The same data interpreted as ASN.1 INTEGER: this will be rejected
    # because the tag is invalid.
    [ "ASN1_INTEGER", "decode", 'high_tag.der',
      "Running d2i_test high_tag.der INTEGER" ],

    # Valid 0, 1 and -1 ASN.1 INTEGER values, parsed as INTEGER ...
    [ "ASN1_INTEGER", "OK",     'int0.der',
      "Running d2i_test int0.der INTEGER" ],
    [ "ASN1_INTEGER", "OK",     'int1.der',
      "Running d2i_test int1.der INTEGER" ],
    [ "ASN1_INTEGER", "OK",     'intminus1.der',
      "Running d2i_test intminus1.der INTEGER" ],

    # ... and the same three values parsed as ANY.
    [ "ASN1_ANY",     "OK",     'int0.der',
      "Running d2i_test int0.der ANY" ],
    [ "ASN1_ANY",     "OK",     'int1.der',
      "Running d2i_test int1.der ANY" ],
    [ "ASN1_ANY",     "OK",     'intminus1.der',
      "Running d2i_test intminus1.der ANY" ],

    # Integers with illegal additional padding.
    [ "ASN1_INTEGER", "decode", 'bad-int-pad0.der',
      "Running d2i_test bad-int-pad0.der INTEGER" ],
    [ "ASN1_INTEGER", "decode", 'bad-int-padminus1.der',
      "Running d2i_test bad-int-padminus1.der INTEGER" ],
);

# Run the cases in table order so the TAP output keeps its original sequence.
for my $case (@d2i_cases) {
    my ($item_type, $expected, $der_name, $label) = @{$case};
    my $der_path = srctop_file('test', 'd2i-tests', $der_name);

    ok(run(test(["d2i_test", $item_type, $expected, $der_path])), $label);
}

SKIP: {
    # The CMS item type is only available when CMS support is configured in.
    if (disabled("cms")) {
        skip "No CMS support in this configuration", 1;
    }

    # Invalid CMS structure with decode error in CHOICE value.
    # Test for CVE-2016-7053
    my $bad_cms = srctop_file('test', 'd2i-tests', 'bad-cms.der');

    ok(run(test(["d2i_test", "CMS_ContentInfo", "decode", $bad_cms])),
       "Running d2i_test bad-cms.der CMS ContentInfo");
}